Conversations 6: Joy of DDoS with Akamai’s Michael Smith

Distributed denial of service (DDoS) attacks are cheap and easy to do. It’s just a matter of overwhelming the target site with a flood of internet traffic. According to Michael Smith, head of Akamai Technologies’ computer security incident response team (CSIRT), such attacks will only get worse as we roll out faster broadband infrastructure.

“That increases the amount of bandwidth available to the home, but that also increases that amount of bandwidth that a bunch of computers at the home can throw at a target site,” Smith says on on today’s episode of Corrupted Nerds: Conversations.

Attackers are getting smarter, too. Rather than attacking the infrastructure that supports a website, they’re attacking at the application layer — sending what appear to be valid website requests, but which result in a heavy load of database requests or processor time.

“The more secure that your site is, ’cos you’re checking for all these things for confidentiality and integrity, the harder it is to actually defend that site against an application DDoS attack,” Smith said.

This interview was recorded on 4 September 2013 via Skype to Sydney, Australia.

Episode Notes

Patch Monday podcast from 2 October 2012, DDoS attacks: 150Gb per second and rising, with Alex Caro, Akamai Technologies’ chief technology officer and vice-president of services for Asia Pacific and Japan, and Tal Be’ery, web security research team leader at Imperva.

It is worrying how quickly this issue is developing with smaller business attacks growing. The broadband network is being improved to help business growth but this effort may be exploited by attackers.